It’s been a bad year for Apple on the security front with various exploits and vulnerabilities. So bad in fact, that Eugene Kaspersky, co-founder of the security firm, Kaspersky Labs, commented, “Apple are ten years behind Microsoft in terms of security“. It seems Apple still don’t care as they release Safari 6 along with the latest incarnation of OS X, Mountain Lion, whilst ignoring 121 known vulnerabilities for the previous version of Safari. Worse, the latest version of Safari is not available to users of Windows or OS X Snow Leopard.

Users left exposed to vulnerabilities

In previous instances where Apple have waited to release the latest version of Safari to coincide with the release of OS X, Apple have released a security update for users of older versions on different platforms. This time around, Apple have made no such update available, effectively leaving these users at risk.

On the main Safari web page, it says, “the latest version of Safari is available in Mountain Lion. The latest version of Safari for Lion is available through Software Update“. There is no mention of Windows or Snow Leopard and certainly no update available for either of these platforms through Software Update.

Without knowing whether the browser for these platforms will be updated, older versions of Safari are no longer safe to use.

More security risks: self-installing trojan

Given the year that Apple have already had around negative publicity for security issues, you think they would have taken a more serious approach to minimise the risk to all their users. However, to add to the company’s security failings, the Intego Virus Team have discovered a trojan that is able to install itself without permission and is able to hide itself well, if installed with root permission.

The trojan is able to run without interaction, preserves itself against reboots and communicates with a web server every five minutes, awaiting instructions. At the moment, it appears to only affect OS X Snow Leopard and OS X Lion.

Switch web browsers

In the meantime, users of OS X Snow Leopard and Windows are advised to stop using Safari and switch to a more secure updated web browser, like Mozilla Firefox or Internet Explorer 9. At least until Apple decides to take security more seriously.